The worst attacks are the ones you don't even know to look for

David Braue | July 4, 2016

An interview with Wynyard Group's Mike O'Keeffe by CSO Australia

"Real time" versus meaningful time

Many cyber analytics products claim to operate on the network in 'real time' but ACTA adopts a different philosophy, collecting log data for longer periods to build up a meaningful understanding of normal behaviour.

This approach favours slow, careful and deliberate analysis over wire-speed data capture, whose analytical capabilities are often quite limited precisely because it must keep up with the wire.

ACTA draws on Wynyard Group's heritage in after-the-fact forensic data analysis, which requires large volumes of data to be collected before they are analysed. Applying the same technique to cybercriminal activity reflects the need to maintain a bigger-picture view of ongoing network activity.

"When you operate in real time you can only use a specific set of data to be processed through your machine-learning models to get a result," O'Keeffe explains. "Taking a long term approach, the analysis process is more deliberative and more logical. You can take more variables into account - and when you generate a number of threats for investigation, you can be more confident that they are prioritised and focused on the things that investigators need to be concerned with."

This approach is particularly important given the "gigantic" volumes of data being generated by network-security logging tools, which O'Keeffe says make it "absolutely impossible to keep pace with monitoring that type of data. There's simply too much data to monitor; even using rules and signatures or trained models, it's very difficult to find serious compromises simply because of the volume of data."
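The long-window argument above can be made concrete. The following is an added example (not ACTA's code or anything from the interview) on constructed connection-log records: each day every workstation contacts three destinations, but one host, ws-07, rotates through a different unknown external destination every day. A one-day slice of the data ranks every host identically; only a baseline built over the whole collection window makes ws-07 stand out and puts it at the top of the investigator's list.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (day, source host, destination). Four workstations
# talk to the same three services every day; ws-07 also contacts one *new*
# external host each day, a "low and slow" pattern that a single day cannot reveal.
EVENTS = []
for day in range(1, 15):
    for host in ("ws-01", "ws-02", "ws-03", "ws-04"):
        for dest in ("mail.corp.example", "files.corp.example", "cdn.example.net"):
            EVENTS.append((day, host, dest))
    EVENTS.append((day, "ws-07", "mail.corp.example"))
    EVENTS.append((day, "ws-07", "files.corp.example"))
    EVENTS.append((day, "ws-07", f"host{day}.unknown.example"))  # different every day


def distinct_destinations(events, first_day, last_day):
    """Count distinct destinations per host over the inclusive day window."""
    seen = defaultdict(set)
    for day, host, dest in events:
        if first_day <= day <= last_day:
            seen[host].add(dest)
    return {host: len(dests) for host, dests in seen.items()}


def prioritise(events, first_day, last_day, factor=2.0):
    """Return hosts whose distinct-destination count exceeds `factor` times the
    peer median for the window, as (host, count, median) tuples ordered with the
    largest deviation first. An empty list means nothing stood out."""
    counts = distinct_destinations(events, first_day, last_day)
    if not counts:
        return []
    baseline = median(counts.values())
    flagged = [(h, c, baseline) for h, c in counts.items() if c > factor * baseline]
    return sorted(flagged, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    # "Real time" view: the most recent day only. Every host has exactly 3 destinations.
    print("last day only :", prioritise(EVENTS, 14, 14))   # []
    # Long-window view: the full fortnight. ws-07 has 16 distinct destinations, peers 3.
    print("14-day window :", prioritise(EVENTS, 1, 14))    # [('ws-07', 16, 3)]
```

The same distinct-destination count is used in both views; only the length of the collection window changes, which is the point O'Keeffe makes about having more history to reason over.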

The application of special-purpose algorithms to massive data repositories has become a defining feature of the new economy, helping organisations make sense of their fast-accumulating information in a meaningful way. Gartner calls this trend the 'algorithm economy' and has highlighted its importance in helping companies apply advanced analytical techniques to their data.

"Proprietary algorithms that solve specific problems that translate into actions - will be the secret sauce of successful organizations in the future," the firm's analysts have written, noting that algorithms "promise a brave new world of opportunities: software that thinks and does. Cognitive software that drives autonomous machine-to-machine interactions. Artificial intelligence."

This prediction directly addresses the type of machine-learning technology that Wynyard Group is already offering within its ACTA tool - and O'Keeffe says customers have warmed quickly to the opportunities that better security-profiling analysis offers.

"We're already having conversations with large financial institutions and telecommunications providers, with Telstra being an early adopter customer," he explains. "People are already very advanced in their thinking and they have this threat-hunting mentality where they are putting discovery teams together."

"These teams focus on hunting for threats that they accept have breached their network, using a combination of advanced analytics and specific discovery tools to explore the analytics results and hunt through the forest of data in a targeted manner to find the threats."